Gameige.com has been compromised

Some pages on the website gameige.com have been compromised, using iframes to cause people’s browsers to download malware and steal information from the computer. This is a risk if your web browser loads ActiveX controls (as Internet Explorer does). Gameige.com is used by players of online games such as World of Warcraft.

The use of a good antivirus program that filters websites would help here. And hopefully by the time you read this the people supporting the site would have fixed it.

Taking A Work Notebook Home

A common scenario is when someone takes home a notebook from work. The intention is to do work from home for whatever reason.

This could be a serious security risk. Most companies have gone to a lot of trouble to secure their office networks (for example by installing and managing firewalls; though a firewall is not enough to secure a network). In fact some companies have an entire department dedicated to maintaining network security. However most homes don’t have managed firewalls or any of the other network security systems or resources that companies often use. This effectively makes a home network less secure.

The risk is having an outsider gain access to the contents of the notebook. This could be achieved in a number of ways including having a trojan on another PC in the house. The possible damage to businesses can be huge, depending on the importance of the data on the notebook, or the importance of the work being done from home.

Some misconceptions need to be explained:

  • All firewalls are the same – this is not true. There are different types of firewalls, making some more secure than others. They also need to be patched when the vendor discovers a vulnerability. Some home routers even claim to have firewalls when they don’t (they claim that a NAT feature is effectively a firewall – it isn’t). SPI (Stateful Packet Inspection) firewalls are good.
  • No one would be interested in hacking into your home network. The internet doesn’t discriminate, every device connected to the internet is at as much risk as every other device

It’s not all bad news though. There are things you can do to protect yourself and your employer.

  • The laptop should have an antivirus program installed. It needs to be up to date.
  • The laptop would ideally have a “personal firewall” installed. Windows Firewall is not good enough. You need something that not only stops other programs getting into the notebook, it needs to stop unknown programs already on the notebook from getting out to the internet.
  • The home router should have its own firewall, or you could use a dedicated firewall device. Ideally the firewall would filter out traffic coming from or going to known sources of malware but this isn’t going to happen at home, it requires a fair bit of maintenance (i.e. it’s expensive)
  • Encrypt the hard drive in the notebook. This can protect you if you lose the notebook or it gets stolen (and statistics show this happens often). Whole disk encryption costs money and slows down the notebook a bit but it’s very important.
  • Don’t carry all your files on the notebook. Don’t keep all your emails, or your entire client list, etc. Only copy the data you need to get the job done and limit the risk.
  • A VPN to your office network can help.
  • Don’t connect your notebook to the internet. These days almost everyone needs the internet to do work so this idea might not be very practical
  • Don’t use someone else’s wireless network. Not only is this illegal in many countries, you would be sending all your data through a stranger’s network. It’s technically possible for someone to intercept that data, even to manipulate it.
  • If you use wireless at all make sure it uses a strong security protocol (WPA or WPA2)

A note about VPNs:

VPN stands for Virtual Private Network. It’s a piece of technology that can be used to join an office network to a home network. Servers and PCs on the networks would behave as if they were sitting in the same location, ignoring the fact there’s some distance in between, and ignoring the fact the traffic is really travelling across the Internet.

A VPN isn’t the be all and end all of security, it’s only a technical solution to a technical problem. You still need firewalls, virus scanners, and a little bit of tech support.

VPNs can be set up to route all traffic to your office network and then you would trust your office network to filter the traffic for you. This is generally good. There are some caveats:

  • Activities like internet browsing are slowed down
  • Your office network may keep a log of what websites you view from home, when you’re connected to the VPN
  • You’re trusting your office’s IT staff not to hack into your home network (it’s technically easier when you establish a VPN)
  • It costs your employer money to set up and manage a VPN
  • If you have an unreliable internet connection at home it’ll disrupt your work.

Above all find out what your company’s IT policies are and follow them as best you can. If they don’t have one then now’s a good time to suggest one. Working from home doesn’t have to be risky.

Malicious Christmas eCards

If you receive an eCard (email card) from someone you don’t know it might be from someone with malicious intents. Especially if it has the following:

  • The subject is similar to: This is my one-off Xmase-card for you ^_^ Very nice
  • The body of the email contains a link to: http://uklotttery.us/?id=ecard
  • The body of the email contains the text: This is my one-off Xmase-card for you ^_^ Very nice
  • And it has the words: no worm , no virus

If you find something similar to the above just delete it. It’s sent as spam and the link will try to install a virus.
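The four indicators listed above can be checked automatically. The following is an added example, not part of the original post: a small Python check that parses a raw e-mail and reports which of the listed indicators it contains. The two sample messages and their `example.invalid` addresses are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Indicators copied from the list above; matching is case-insensitive.
PHRASE = "this is my one-off xmase-card for you ^_^ very nice"
BAD_HOST = "uklotttery.us"
DISCLAIMER = "no worm, no virus"

def norm(text):
    """Lower-case, collapse whitespace runs, drop spaces before commas."""
    return re.sub(r"\s+,", ",", re.sub(r"\s+", " ", text.lower())).strip()

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def ecard_indicators(raw_message):
    """Return the names of the indicators found in one raw e-mail."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    hosts = {urlparse(u).hostname or ""
             for u in re.findall(r"https?://[^\s\"'<>]+", body, re.I)}
    checks = {
        "subject": PHRASE in norm(msg.get("Subject", "")),
        "link": any(h == BAD_HOST or h.endswith("." + BAD_HOST) for h in hosts),
        "body-text": PHRASE in norm(body),
        "disclaimer": DISCLAIMER in norm(body),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample messages (not real captures).
SPAM = ("From: stranger@example.invalid\n"
        "Subject: This is my one-off Xmase-card for you ^_^ Very nice\n\n"
        "This is my one-off Xmase-card for you ^_^ Very nice\n"
        "http://uklotttery.us/?id=ecard\n"
        "no worm , no virus\n")
FRIEND = ("From: aunt@example.invalid\n"
          "Subject: Merry Christmas from Aunt May\n\n"
          "Your card: https://cards.example.invalid/view?id=123\n")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("FRIEND", FRIEND)):
        print(name, ecard_indicators(raw))
```

A message that matches any one indicator is worth quarantining; the link check compares the parsed hostname rather than searching the raw text, so a lookalike path on another site does not trigger it.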

No doubt there’ll be many attempts this festive season to play on people’s trust so as always be wary of things like this.

Wireless Keyboards are easily hacked

Wireless keyboards can be intercepted, very easily. This is something you should be aware of not only when purchasing new equipment but when using someone else’s computer. There’s no real defence against it either, other than using a wired keyboard.

Before I explain the risks let me point out which keyboards it does and doesn’t affect:

  • All keyboards using a 27MHz transmitter are at risk (which includes most of them)
  • Keyboards that advertise "wireless encryption" or "secure" features are also at risk
  • Bluetooth keyboards are safer (though these are generally more expensive)

The risks of such an "attack" should be obvious – other people within range could be recording every keystroke. This includes the address of websites you go to, usernames, passwords, the contents of emails, chat conversations, etc.

In a business environment this would be a critical breach of security. Giving away passwords, trade secrets, and other sensitive information is quite serious, and in a lot of cases criminally irresponsible. Wireless keyboards that fall into the "at risk" categories above should be banned.

At home the risks are just as serious. Anyone using a home computer to do internet banking should immediately recognise the dangers of giving away too much information (i.e. finding a large amount of money removed from your bank account). Again, either use a wired keyboard at home, a Bluetooth wireless keyboard (expensive), or limit the keyboard & computer’s use to trivial tasks such as gaming.

How does the attack work?

Well, it seems there are only 256 possible encryption codes, so hackers have cleverly written software that tries them all within seconds. Then there are other tricks they use to break the encryption that some keyboards use (for the IT savvy reader, it’s an XOR protocol).

So it takes about 20 to 50 keystrokes before enough information can be gathered to break the encryption.
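To see why 256 possible codes offer no real protection, here is an added example (not from the original post or from any keyboard vendor): a toy model in Python where every keystroke byte is XORed with one secret byte. The real keyboard protocol is not described on this page, so the message format, the sample text and the key value are assumptions made for illustration.

```python
# Toy model (assumption): each keystroke is one byte, XORed with a
# single secret byte. This is NOT the real keyboard protocol.
LIKELY = set(b"abcdefghijklmnopqrstuvwxyz ")  # bytes expected in typed text

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (its own inverse)."""
    return bytes(b ^ key for b in data)

def score(candidate: bytes) -> int:
    """Count bytes that look like ordinary typing."""
    return sum(b in LIKELY for b in candidate)

def recover_key(captured: bytes):
    """Try all 256 keys and keep the one whose output looks most like text."""
    best = max(range(256), key=lambda k: score(xor_bytes(captured, k)))
    return best, xor_bytes(captured, best)

# Constructed sample: what the user typed and the "secret" key byte.
TYPED = b"my online banking password is correct horse battery staple"
SECRET = 0xA7
CAPTURED = xor_bytes(TYPED, SECRET)

if __name__ == "__main__":
    key, text = recover_key(CAPTURED)
    print(f"key=0x{key:02X} text={text.decode()}")
    # An 8-bit key means 2**8 = 256 guesses; a 128-bit key means 2**128.
    print("guesses needed at most:", 2 ** 8)
```

The search finishes instantly because the whole keyspace is 256 values; the only thing the eavesdropper needs is enough typed text for the correct guess to stand out, which is why a few dozen keystrokes suffice.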

How close does one need to be to "sniff" wireless keyboard signals? Usually it’s 4-8 feet, or 1-3 metres. But with more powerful aerials this can be extended much further (hundreds of metres).

Also keep in mind that Bluetooth generally isn’t a very secure protocol. It’s only considered safer because of how easy it now is to hack normal wireless keyboards. But you shouldn’t use it to keep million dollar secrets.

There’s a video here demonstrating how it works (warning, it’s geeky and technical): Wireless keyboard hacking.

So go back to wired keyboards: they’re not only more reliable and more secure, they don’t have batteries that need replacing or recharging.

Chinese CyberSpying

British businesses are being warned about Chinese industrial espionage aimed at retrieving financially sensitive data. In particular, at least 1000 businesses have been warned that they’ve potentially been targeted to obtain data on their trading with Chinese companies, in an attempt for the Chinese parties to negotiate higher prices in their business dealings. There’s an article here with the full story.

This post is aimed at businesses, whether large or small. Online espionage, or cyber spying, is a real threat. It doesn’t necessarily need to come from China either, the technology and skills exist in just about every city and country that’s connected to the internet.

Everyone needs to secure both their networks and the computers on them. The old belief that a firewall is enough has always been false, even more so now that data threats can come from so many levels (see the SANS document that was mentioned here earlier). It’s everyone’s responsibility to do everything within their power to increase security. The threats are out there, large amounts of (your) money are at stake, and there’s always something you can do.

So now is a good time to review your network security and to improve it.

Top 20 Internet Security Risks

SANS is an organisation that does a lot of security research as well as other things, and they have a good reputation for their work. They’ve just published a report showing the top 20 internet security risks. They point out that social engineering is one of the biggest risks at the moment. Social engineering is the term used to describe how people effectively trick (or otherwise convince) others to provide sensitive details.

There’s a lot of detail in this report and it’s well worth reading. Below are a few bits of information from the report and it’s just not possible to summarise it all here. Have a read through it if you have time.

  • Web applications are vulnerable to being hacked and information misused or stolen.
  • People can be manipulated
  • The following applications are the most vulnerable:
    • Web Browsers
    • Office Software
    • Email Clients
    • Media Players
  • Unencrypted laptops are a risk to losing large amounts of data
  • Instant messaging and peer-to-peer programs are a risk to businesses

The full report is here. It’s long and very detailed, and well worth your time in reading it.

Bluetooth Headsets

Most Bluetooth headsets are not secure. I encourage everyone to watch the video linked below to see how easy they are to hack.

In this demonstration by Joshua Wright he connects to a stranger’s bluetooth headset and is able to eavesdrop on the random stranger. He also briefly shows how audio can also be sent to the headset. Anyone with a Bluetooth headset that’s currently on is at risk of something like this. The biggest part of the risk is that almost all Bluetooth headsets use a default PIN (usually 0000).

Watch the video here.

Suspicious Websites

With apologies to all those who conduct legitimate activities on the following sites, I’d like to warn you about the current trend of malicious sites.

At the moment a lot of sites hosted on Geocities contain various bits of malware. So if you see a link anywhere (in an email, in a chat window, on another web page) that begins with geocities.com be very suspicious.

And secondly there’s been so much malware coming from Chinese web sites. So be cautious of any link that has .cn in the address.

A plug-in must be installed

“In order to view the photos a plug-in must be installed.”

These dreadful words have been appearing in some spam emails, in Dutch. And on top of that the emails, at first glance, appear to be a legitimate news article. Interested readers might be tempted to click on the link, install the suggested plug-in, and hope to view photos of whatever the email is about.

You should never install anything an unsolicited email tells you to. You shouldn’t have to install anything to view photos. These particular spam emails will provide a link to a file called iPIX-install.exe, which is in fact a trojan that spies on your computer.

Another point worth mentioning is that spam and malicious emails are now being sent in languages other than English in the hope of catching out people who live in non English speaking countries (by trying to win their trust).